SushiSwap hacking attack causes losses of $3.3 million

The decentralized exchange platform was the victim of a hacking attack, which occurred last weekend

SushiSwap, a cryptocurrency decentralized exchange (DEX), fell victim to a cyberattack that resulted in the loss of $3.3 million worth of Ether (ETH) belonging to a user. The attack happened over the weekend and targeted the RouteProcess02 smart contract, which helps aggregate liquidity from various sources and determines the best price for cryptocurrency trading.

Security team PeckShield reported that a user in the crypto community known as Sifu had around 1,800 ETH stolen due to an “approval error” in the SushiSwap smart contract.

According to blockchain security experts, the glitch originated from the platform’s swap() function, which allowed the exploiter to peg and steal users’ tokens without their knowledge. SushiSwap lead developer Jared Gray urged users to revoke permissions for all protocol contracts after confirming the issue. PeckShield also recommended that all users revoke permissions for contracts in the protocol, noting that the exploited contract was deployed across multiple blockchains.

In addition to Sifu, some USDC users may have been affected as well. Although some reports suggest that not many are at risk. The DeFiLlama developer, known as @0xngmi, claimed in a tweet that only those who traded on the DEX in the last four days should be affected. A list of contracts was published on GitHub with all the strings that should be revoked and a tool was shared to check if any of the user addresses were affected.

According to Kevin Peng, a block research analyst, 190 Ethereum addresses approved the problematic contract, while more than 2,000 addresses from Arbitrum, an Ethereum Layer 2 network, apparently approved the flawed contract. The vulnerable contract is also implemented in Polygon, another popular Ethereum Layer 2 solution. Users are encouraged to verify their exposure on other networks, such as Ethereum, Avalange, Gnosis, and Optimism, among others.

K. Tovar

Source: Diariobitcoin

(Reference image source: file)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

Comments are closed.